Surveillance and the Need for Bright Lines

Ed Felten wraps up his excellent series on high-tech wiretapping by considering the risks of abuse created by the existence of pervasive wiretapping infrastructure:

The best argument against content-triggered wiretaps is the risk of abuse. By “abuse” I mean the use of wiretaps, or information gleaned from wiretaps, illegally or for the wrong reasons. Any wiretapping regime is subject to some kind of abuse–even if we ban all wiretapping by the authorities, they could still wiretap illegally. So the risk of abuse is not a new problem in the high-tech world.

But it is a worse problem than it was before. The reason is that to carry out content-triggered wiretaps, we have to build an infrastructure that makes all communications available to devices managed by the authorities. This infrastructure enables new kinds of abuse, for example the use of content-based triggers to detect political dissent or, given enough storage space, the recording of every communication for later (mis)use.

Such serious abuses are not likely, but given the harm they could do, even a tiny chance that they could occur must be taken seriously. The infrastructure of content-triggered wiretaps is the infrastructure of a police state. We don’t live in a police state, but we should worry about building police state infrastructure. To make matters worse, I don’t see any technological way to limit such a system to justified uses. Our only real protections would be oversight and the threat of legal sanctions against abusers.

I think this is a good point, but I think it’s actually much worse than that. Here’s the problem: the ultimate safeguard of our freedom is the possibility of public backlash. When Richard Nixon was caught abusing the power of the presidency, the resulting public backlash forced him out of office. In my opinion, President Bush has also been caught abusing the powers of his office, but so far there’s been no comparable public outrage.

I think there are two reasons for that. In the first place, Nixon’s extra-legal activities were obviously for political gain. Pres. Bush, in contrast, has convinced most Americans that his activities are intended to protect national security. People are willing to give politicians a lot of wiggle room when it comes to fighting terrorists.

But the second and more important reason, I think, is that surveillance–and the laws governing it–have both become more complicated. There’s been an endless and tedious debate about whether Bush violated FISA, whether the president has the “inherent authority” to conduct surveillance of domestic-to-foreign calls, whether FISA is too restrictive, etc.

I have some strong opinions on the subject, and I tend to think that some of the people on the other side are being misleading, but let’s set aside the details of this particular debate. What’s undeniable is that the average American voter doesn’t have a clue what is or isn’t legal when it comes to surveillance. Which means that if the president were skirting the law, it would be pretty difficult to hold him accountable, because there would be enough partisans on his side of the debate to muddy the waters and make voters unsure who was in the right.

The trouble with legalizing content-triggered wiretaps, then, is that the rules governing them would be even more complex than the already too complicated FISA rules. The danger isn’t just that a future president would flout the law without the public’s knowledge. The even more serious danger is that the law might be so complicated that the average voter wouldn’t be sure if the law had been broken even after the facts came out.

One of the issues I work on extensively in my day job is eminent domain, which suffers from precisely the same kind of problem. Most states, including Missouri, allow condemnation of properties if they are found to be “blighted.” When that language was introduced 50 years ago, everyone knew that “blight” meant a dangerous, rat-infested slum. But over the subsequent decades “blight” has been transformed into an all-purpose excuse for seizing people’s property. Because of the complexity and obscurity of eminent domain rules, there was no one around to complain when city governments bent the rules. They’ve now been bent so far that they’re no constraint at all. And until last year’s Kelo decision, voters didn’t realize how much the rules had changed.

To fix the eminent domain problem, we need a clear, simple rule. “No eminent domain for private use” is the rule we’ve been promoting. That’s a simple, clear standard that ordinary voters can understand. Other proposals, like tinkering with the eminent domain process or tightening the definition of “blight,” suffer from the defect that they leave lots of wiggle room to developers and municipalities, making it hard for voters to figure out when the rules have been abused. Abuse happens gradually, by small steps, over the course of decades.

By the same token, our surveillance laws need a clear rule like “no wiretaps unless you have a warrant issued by a judge.” I can’t imagine how you’d craft rules for a content-triggered wiretapping regime that would be anywhere near as simple. Sure, you could give the judge some kind of summary of the content-based triggers you intend to use, but he’s not a computer expert and is unlikely to have the time or expertise to determine if a particular triggering rule is reasonable or not. And that means that over time, law enforcement agencies would gradually stretch the rules until they effectively had the authority to wiretap anyone they liked for any reason they liked. Because the rules would be too complicated for the ordinary voter to understand, there’d be no public backlash to check the process.

The reason is that to carry out content-triggered wiretaps, we have to build an infrastructure that makes all communications available to devices managed by the authorities. This infrastructure enables new kinds of abuse, for example the use of content-based triggers to detect political dissent or, given enough storage space, the recording of every communication for later (mis)use.

This is actually a bit of an understatement of the problem. If such an infrastructure were to exist, because of the kinds of abuse it could be put to, it would attract to power those who would like to abuse it.

This would be an accident that we could not afford.

http://enigmafoundry.wordpress.com eee_eff

http://technoptimist.blogspot.com/ Duncan Frissell

“no wiretaps unless you have a warrant issued by a judge.”

Interestingly, most of the recent controversies have involved things other than classic wiretaps.

The NASA case was “pen register” data. Who calls who and the SWIFT case is wire transfers outside the US.

Pen Registers aren’t wiretaps and wire transfers or other financial records held by third parties aren’t wiretaps.

As someone who’s been fighting for financial privacy since before the Privacy Act of 1970 (which restricted privacy) I think it’s funny that institutions like the New York Times that never had a problem with any program (administrative subpoenas, FINCEN, “money laundering” investigations, regulatory searches, etc.) designed to collect taxes or regulate businesses are complaining about national security uses of the exact same techniques.

Anyone who supports the current investigatory powers of the IRS, is logically estopped from whining about the NSA.
